News Reports May Be A Little Quick To Clear Sarasota E-Voting Machines

from the not-quite dept

Mon, Feb 26th 2007 3:07am — Mike Masnick

The Associated Press put out an article late Friday claiming that a study found the e-voting machines used in Florida's Sarasota County the machines had no problems -- despite a large number of missing votes. At least that's what you'd get from reading the article, with a headline that blares: "Audit: Fla. Voting Machines Didn't Err." Of course, that's not exactly what the study found. First of all, the panel of researchers did not study the e-voting machines at all -- but just the source code of the software. There could be plenty of other reasons why the voting machines had problems that couldn't be uncovered just by looking at the source code of the software. And, in fact, the actual report is hardly as forgiving as the AP report makes out. Ed Felten points out that the report actually highlights all kinds of security problems with the software, including plenty of places where a virus could exploit a buffer overflow. It also discovered incredibly weak security, such as a master password that would be relatively easy to guess (only had 256 possibilities).

Of course, that doesn't mean that there was anything malicious going on here. As both the report and Felten point out, that hardly seems likely (especially since if you were to do something malicious, you wouldn't undercount votes, but switch them to hide them better). Instead, as Felten notes, it seems likely that the machines simply screwed up. He suggests "systems that are insecure tend to be unreliable as well -- they tend to go wrong on their own even if nobody is attacking them. Code that is laced with buffer overruns, array out-of-bounds errors, integer overflow errors, and the like tends to be flaky. Sporadic undervotes are the kind of behavior you would expect to see from a flaky voting technology." Once again, if anything, this test has done a disservice to those looking to strengthen the election process. As Felten pointed out when he refused to serve on the panel, limiting what could be tested isn't particularly useful -- and leads to things like the Associated Press declaring that the machines have been vindicated when that's not at all true.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

7 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Cixelsid, 26 Feb 2007 @ 3:28am

Crazy
You'd expect software that is integral to the democratic freedom of a country to at least have some sized buffer checks. Seriously, considering the amount of security and testing involved with military software, why aren't the same protocols being adhered to in this case?
[ link to this | view in chronology ]
- Haapi, 26 Feb 2007 @ 7:11am
  
  Re: Crazy
  Yeah, I was just wondering why this kind of software isn't written in ADA or some other milspec language.
  
  Oh, I know, it is the "marketplace at work."
  [ link to this | view in chronology ]
  - Cixelsid, 26 Feb 2007 @ 11:35am
    
    Re: Re: Crazy
    "Yeah, I was just wondering why this kind of software isn't written in ADA or some other milspec language."
    
    Fuckin A man. You want type safety, fuck, here, you got it. Here's to ADA *clink*
    [ link to this | view in chronology ]
TotallyTrustworthyVotingDude, 26 Feb 2007 @ 4:53am

E Voting Machines CAN be trusted
Electronic voting machines *can* be made totally secure and totally worthy of trust. But only if you let *me* write the software and setup the machines.

You can totally trust me not to go rigging any elections or anything, because my mum says I'm honest and anyway I have a totally trustworthy name, TotallyTrustworthyVotingDude !

If there's anything odd about the results, you can totally take my word for it, no need to verify that extra programs haven't been run, or a different dataset has been uploaded, or that the code running on the machine is the one you're certifying, because I'm TotallyTrustworthVotingDude and I say it's stupid voters!
[ link to this | view in chronology ]
_Jon, 26 Feb 2007 @ 5:31am

So, the most likely scenario is that the people who wrote or tested the software did not run it through multiple iterations of voting. They probably voted a few times and declared "It works!"

If they had simulated - say - 100+ voters, the system pro'lly would have auto-reset and lost the last voter or two.

Load Testing - what a concept.

heh
That reminds me of an auto company that had a problem with their digital odometer when it was new. When the car go to 32767 miles, it would roll over to 0. So much for *actually* driving the car for endurance testing...
[ link to this | view in chronology ]
новини, 26 Feb 2007 @ 6:57am

digital revolution
e-voting must be accomplished with open source standarts, hosted on neutral machines with digital and phisical security. Everything else is a big.. LIE. God bless open source.
[ link to this | view in chronology ]
Anonymous Coward, 26 Feb 2007 @ 8:28am

if you think voting machines can be buggy..
has anyone anywhere found software nearly as capable, OR as compromisable as the humane personality? THAT is what we trust with current voting. Let's keep this in perspective as we responsibly consider our voting future.
[ link to this | view in chronology ]